Commit e0f99afbdf00
Changed files (1)
modules/nix-flake-updater/default.nix
@@ -119,6 +119,7 @@ in
Type = "oneshot";
User = cfg.user;
ExecStart = "${updateScript}";
+ Environment = ''"GIT_SSH_COMMAND=ssh -o ControlMaster=no"'';
# Security hardening
PrivateTmp = true;
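Review bot: The added `Environment` line has no comment saying why connection multiplexing is turned off, and the nested quoting (`''"…"''`) is easy to "simplify" into a form that systemd splits at the spaces. I would put a comment above it along the lines of `# Single assignment containing spaces, hence the inner quotes; ControlMaster=no stops ssh from creating a control socket inside the sandboxed unit`, adjusted to the actual reason, which is only inferred here. Because this is an unattended oneshot, consider also adding `-o BatchMode=yes` so that a missing key or rejected credential fails at once instead of waiting on a prompt. The surrounding serviceConfig attribute set starts and ends outside the hunk.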
@@ -127,6 +128,8 @@ in
ReadWritePaths = [
cfg.repoPath
"/var/log/nix-flake-updater"
+ # Worktree location (script creates worktrees in ~/tmp)
+ "/home/${cfg.user}/tmp"
];
NoNewPrivileges = true;
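Review bot: The new `ReadWritePaths` entry hard-codes `/home/${cfg.user}/tmp`, which is wrong for any account whose home directory is elsewhere. systemd also fails the unit during namespace setup when a listed path does not exist. If `config` is in scope in this module, `"${config.users.users.${cfg.user}.home}/tmp"` would follow the declared home, and the directory should be created before the unit starts (for example with a tmpfiles rule) rather than assumed to exist. Opening a general-purpose `~/tmp` also widens the writable set beyond what the worktrees need, so a directory used only by the updater would keep the sandbox tighter. The attribute set continues past the end of the hunk.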